Various Facilities in Idaho
Announced July 27, 2018 (exact dates unknown)

Idaho prison officials reported that 364 inmates exploited a software vulnerability in the JPay tablets they use for email, music, and games to collectively transfer nearly a quarter million dollars into their accounts.

In a prepared statement, Idaho Department of Correction spokesman Jeff Ray stated, “This conduct was intentional, not accidental. It required a knowledge of the JPay system and multiple actions by every inmate who exploited the system’s vulnerability to improperly credit their account.”

The prisoners involved in the hacking were housed at five different facilities throughout the state: The Idaho State Correctional Institution, Idaho State Correctional Center, Idaho Correctional Institution-Orofino, South Idaho Correctional Institution and the Correctional Alternative Placement Plan facility operated by private prison company Management and Training Corporation, Inc.

The Idaho DOC issued disciplinary reports to all those they believe to be involved. A week later, the Colorado Department of Corrections confiscated all 15,000 of its tablets claiming a “security issue.”

(Updated 5/22/19)

Citations:

Idaho prisoners hacked tablets and gave themselves $225,000 in credit“, CNN, July 27, 2018.

Idaho prison officials: Inmates hacked system to get credits“, Associated Press, July 27, 2018.

Many rooting for Idaho inmates after credit bug exposed on devices“, Chicago Sun-Times, July 27, 2018.

Inmates gamed their prison-issued tablets to get $225,000 in credits“, Quartz, July 31, 2018.

“Colorado Inmates’ Tablets Taken Away for Security Reasons”, Associated Press, US News and World Report, August 2, 2018.